strip protocol from host, fix CSRF for transimission with missing session id

Author: AnthonyGress

backend/src/routes/adguard.route.ts

@@ -53,7 +53,12 @@ const validateItemId = (req: Request): string => {
 const getBaseUrl = (req: Request): string => {
     const itemId = validateItemId(req);
     const connectionInfo = getItemConnectionInfo(itemId);
-    const host = connectionInfo.host || 'localhost';
+    
+    // Clean the host to remove any protocol prefix
+    let host = connectionInfo.host || 'localhost';
+    host = host.replace(/^https?:\/\//, '');
+    host = host.replace(/\/+$/, '');
+    
     const port = connectionInfo.port || '3000';
     const ssl = connectionInfo.ssl || false;
     const protocol = ssl ? 'https' : 'http';

backend/src/routes/deluge.route.ts

@@ -89,7 +89,12 @@ const validateItemId = (req: Request): string => {
 const getBaseUrl = (req: Request): string => {
     const itemId = validateItemId(req);
     const connectionInfo = getItemConnectionInfo(itemId);
-    const host = connectionInfo.host || 'localhost';
+    
+    // Clean the host to remove any protocol prefix
+    let host = connectionInfo.host || 'localhost';
+    host = host.replace(/^https?:\/\//, '');
+    host = host.replace(/\/+$/, '');
+    
     const port = connectionInfo.port || '8112';
     const ssl = connectionInfo.ssl || false;
     const protocol = ssl ? 'https' : 'http';

backend/src/routes/jellyfin.route.ts

@@ -72,9 +72,14 @@ jellyfinRoute.get('/sessions', async (req: Request, res: Response) => {
 
         console.log('Jellyfin sessions request');
 
+        // Clean the host to remove any protocol prefix
+        let cleanHost = host;
+        cleanHost = cleanHost.replace(/^https?:\/\//, '');
+        cleanHost = cleanHost.replace(/\/+$/, '');
+
         const protocol = ssl ? 'https' : 'http';
         const actualPort = port || '8096';
-        const baseUrl = `${protocol}://${host}:${actualPort}`;
+        const baseUrl = `${protocol}://${cleanHost}:${actualPort}`;
         const sessionsUrl = `${baseUrl}/Sessions`;
 
         const httpModule = ssl ? https : http;
@@ -183,9 +188,14 @@ jellyfinRoute.get('/library-stats', async (req: Request, res: Response) => {
 
         console.log('Jellyfin library stats request');
 
+        // Clean the host to remove any protocol prefix
+        let cleanHost = host;
+        cleanHost = cleanHost.replace(/^https?:\/\//, '');
+        cleanHost = cleanHost.replace(/\/+$/, '');
+
         const protocol = ssl ? 'https' : 'http';
         const actualPort = port || '8096';
-        const baseUrl = `${protocol}://${host}:${actualPort}`;
+        const baseUrl = `${protocol}://${cleanHost}:${actualPort}`;
 
         const httpModule = ssl ? https : http;
 

backend/src/routes/jellyseerr.route.ts

@@ -24,7 +24,12 @@ const validateItemId = (req: Request): string => {
 const getBaseUrl = (req: Request): string => {
     const itemId = validateItemId(req);
     const connectionInfo = getItemConnectionInfo(itemId);
-    const host = connectionInfo.host || 'localhost';
+    
+    // Clean the host to remove any protocol prefix
+    let host = connectionInfo.host || 'localhost';
+    host = host.replace(/^https?:\/\//, '');
+    host = host.replace(/\/+$/, '');
+    
     const port = connectionInfo.port || '5055';
     const ssl = connectionInfo.ssl || false;
     const protocol = ssl ? 'https' : 'http';

backend/src/routes/pihole-v6.route.ts

@@ -118,7 +118,12 @@ const validateItemId = (req: Request): string => {
 const getBaseUrl = (req: Request): string => {
     const itemId = validateItemId(req);
     const connectionInfo = getItemConnectionInfo(itemId);
-    const host = connectionInfo.host || 'localhost';
+    
+    // Clean the host to remove any protocol prefix
+    let host = connectionInfo.host || 'localhost';
+    host = host.replace(/^https?:\/\//, '');
+    host = host.replace(/\/+$/, '');
+    
     const port = connectionInfo.port || '80';
     const ssl = connectionInfo.ssl || false;
     const protocol = ssl ? 'https' : 'http';

backend/src/routes/pihole.route.ts

@@ -25,7 +25,12 @@ const validateItemId = (req: Request): string => {
 const getBaseUrl = (req: Request): string => {
     const itemId = validateItemId(req);
     const connectionInfo = getItemConnectionInfo(itemId);
-    const host = connectionInfo.host || 'localhost';
+    
+    // Clean the host to remove any protocol prefix
+    let host = connectionInfo.host || 'localhost';
+    host = host.replace(/^https?:\/\//, '');
+    host = host.replace(/\/+$/, '');
+    
     const port = connectionInfo.port || '80';
     const ssl = connectionInfo.ssl || false;
     const protocol = ssl ? 'https' : 'http';

backend/src/routes/qbittorrent.route.ts

@@ -30,7 +30,12 @@ const getBaseUrl = (req: Request): string => {
     }
 
     const connectionInfo = getItemConnectionInfo(itemId);
-    const host = connectionInfo.host || 'localhost';
+    
+    // Clean the host to remove any protocol prefix
+    let host = connectionInfo.host || 'localhost';
+    host = host.replace(/^https?:\/\//, '');
+    host = host.replace(/\/+$/, '');
+    
     const port = connectionInfo.port || '8080';
     const ssl = connectionInfo.ssl || false;
     const protocol = ssl ? 'https' : 'http';

backend/src/routes/radarr.route.ts

@@ -24,7 +24,12 @@ const validateItemId = (req: Request): string => {
 const getBaseUrl = (req: Request): string => {
     const itemId = validateItemId(req);
     const connectionInfo = getItemConnectionInfo(itemId);
-    const host = connectionInfo.host || 'localhost';
+    
+    // Clean the host to remove any protocol prefix
+    let host = connectionInfo.host || 'localhost';
+    host = host.replace(/^https?:\/\//, '');
+    host = host.replace(/\/+$/, '');
+    
     const port = connectionInfo.port || '7878';
     const ssl = connectionInfo.ssl || false;
     const protocol = ssl ? 'https' : 'http';

backend/src/routes/sabnzbd.route.ts

@@ -27,7 +27,14 @@ const getBaseUrl = (req: Request): string => {
     }
 
     const connectionInfo = getItemConnectionInfo(itemId);
-    const host = connectionInfo.host || 'localhost';
+    
+    // Clean the host to remove any protocol prefix
+    let host = connectionInfo.host || 'localhost';
+    // Remove http:// or https:// if present
+    host = host.replace(/^https?:\/\//, '');
+    // Remove any trailing slashes
+    host = host.replace(/\/+$/, '');
+    
     const port = connectionInfo.port || '8080';
     const ssl = connectionInfo.ssl || false;
     const protocol = ssl ? 'https' : 'http';

backend/src/routes/sonarr.route.ts

@@ -24,7 +24,12 @@ const validateItemId = (req: Request): string => {
 const getBaseUrl = (req: Request): string => {
     const itemId = validateItemId(req);
     const connectionInfo = getItemConnectionInfo(itemId);
-    const host = connectionInfo.host || 'localhost';
+    
+    // Clean the host to remove any protocol prefix
+    let host = connectionInfo.host || 'localhost';
+    host = host.replace(/^https?:\/\//, '');
+    host = host.replace(/\/+$/, '');
+    
     const port = connectionInfo.port || '8989';
     const ssl = connectionInfo.ssl || false;
     const protocol = ssl ? 'https' : 'http';